I'm your typical computer security hobbyist. I'm interested in searching for bugs I can call my own. But, I'm sure that some areas are more fruitful than others. I'm looking for advice from professionals on where a novice is likely to have the most success. Other, more general, tips on bughunting are appreciated as well.
A good resource for tools for everything from security audits to analysis to fuzzing is:
https://packetstormsecurity.com/files/tags/tool/page2/

Other than that, learning the proper lingo gives you the proper search terms when looking around. Looking at the txt zines gives you some interesting search phrases as well, as sometimes bug hunting comes up. Also do some deepweb diving or darknet hunting (whichever term you like).
One idea is to use a static analysis tool and look for memory exploits. For practice you could take, say, an old version of any popular app (say BitTorrent v0.1) and run it through the tool. The older versions would have example bugs and memory exploits so you can get familiar with the tool. Maybe that would also give you some ideas of places to look for bugs (since first versions tend to be more buggy).

The most fruitful has been for a long time SQL injection (imo). While that's largely been fixed by parameterized queries, there's probably a ton of software that was never upgraded.